Carnegie Mellon
Course Overview15-213/18-243: Introduction to Computer Systems1st Lecture, 18 May 2011
Instructors: Gregory Kesden
The course that gives CMU its “Zip”!
Carnegie Mellon
Overview
Course theme Five realities How the course fits into the CS/ECE curriculum Logistics
Carnegie Mellon
Course Theme:Abstraction Is Good But Don’t Forget Reality
Most CS and CE courses emphasize abstraction Abstract data types Asymptotic analysis
These abstractions have limits Especially in the presence of bugs Need to understand details of underlying implementations
Useful outcomes Become more effective programmers
Able to find and eliminate bugs efficiently Able to understand and tune for program performance
Prepare for later “systems” classes in CS & ECE Compilers, Operating Systems, Networks, Computer Architecture,
Embedded Systems
Carnegie Mellon
Great Reality #1: Ints are not Integers, Floats are not Reals Example 1: Is x2 ≥ 0?
Float’s: Yes!
Int’s: 40000 * 40000 1600000000➙ 50000 * 50000 ??➙
Example 2: Is (x + y) + z = x + (y + z)? Unsigned & Signed Int’s: Yes! Float’s:
(1e20 + -1e20) + 3.14 --> 3.14 1e20 + (-1e20 + 3.14) --> ??
xkcd.com/571
Carnegie Mellon
Code Security Example/* Kernel memory region holding user-accessible data */#define KSIZE 1024char kbuf[KSIZE];
/* Copy at most maxlen bytes from kernel region to user buffer */int copy_from_kernel(void *user_dest, int maxlen) { /* Byte count len is minimum of buffer size and maxlen */ int len = KSIZE < maxlen ? KSIZE : maxlen; memcpy(user_dest, kbuf, len); return len;}
Similar to code found in FreeBSD’s implementation of getpeername
There are legions of smart people trying to find vulnerabilities in programs
Carnegie Mellon
Typical Usage/* Kernel memory region holding user-accessible data */#define KSIZE 1024char kbuf[KSIZE];
/* Copy at most maxlen bytes from kernel region to user buffer */int copy_from_kernel(void *user_dest, int maxlen) { /* Byte count len is minimum of buffer size and maxlen */ int len = KSIZE < maxlen ? KSIZE : maxlen; memcpy(user_dest, kbuf, len); return len;}
#define MSIZE 528
void getstuff() { char mybuf[MSIZE]; copy_from_kernel(mybuf, MSIZE); printf(“%s\n”, mybuf);}
Carnegie Mellon
Malicious Usage
#define MSIZE 528
void getstuff() { char mybuf[MSIZE]; copy_from_kernel(mybuf, -MSIZE); . . .}
/* Kernel memory region holding user-accessible data */#define KSIZE 1024char kbuf[KSIZE];
/* Copy at most maxlen bytes from kernel region to user buffer */int copy_from_kernel(void *user_dest, int maxlen) { /* Byte count len is minimum of buffer size and maxlen */ int len = KSIZE < maxlen ? KSIZE : maxlen; memcpy(user_dest, kbuf, len); return len;}
Carnegie Mellon
Computer Arithmetic
Does not generate random values Arithmetic operations have important mathematical properties
Cannot assume all “usual” mathematical properties Due to finiteness of representations Integer operations satisfy “ring” properties
Commutativity, associativity, distributivity Floating point operations satisfy “ordering” properties
Monotonicity, values of signs Observation
Need to understand which abstractions apply in which contexts Important issues for compiler writers and serious application programmers
Carnegie Mellon
Great Reality #2: You’ve Got to Know Assembly
Chances are, you’ll never write programs in assembly Compilers are much better & more patient than you are
But: Understanding assembly is key to machine-level execution model Behavior of programs in presence of bugs
High-level language models break down Tuning program performance
Understand optimizations done / not done by the compiler Understanding sources of program inefficiency
Implementing system software Compiler has machine code as target Operating systems must manage process state
Creating / fighting malware x86 assembly is the language of choice!
Carnegie Mellon
Assembly Code Example
Time Stamp Counter Special 64-bit register in Intel-compatible machines Incremented every clock cycle Read with rdtsc instruction
Application Measure time (in clock cycles) required by procedure
double t;start_counter();P();t = get_counter();printf("P required %f clock cycles\n", t);
Carnegie Mellon
Code to Read Counter
Write small amount of assembly code using GCC’s asm facility
Inserts assembly code into machine code generated by compiler
static unsigned cyc_hi = 0;static unsigned cyc_lo = 0;
/* Set *hi and *lo to the high and low order bits of the cycle counter. */void access_counter(unsigned *hi, unsigned *lo){ asm("rdtsc; movl %%edx,%0; movl %%eax,%1"
: "=r" (*hi), "=r" (*lo) :: "%edx", "%eax");
}
Carnegie Mellon
Great Reality #3: Memory MattersRandom Access Memory Is an Unphysical Abstraction
Memory is not unbounded It must be allocated and managed Many applications are memory dominated
Memory referencing bugs especially pernicious Effects are distant in both time and space
Memory performance is not uniform Cache and virtual memory effects can greatly affect program performance Adapting program to characteristics of memory system can lead to major
speed improvements
Carnegie Mellon
Memory Referencing Bug Example
double fun(int i){ volatile double d[1] = {3.14}; volatile long int a[2]; a[i] = 1073741824; /* Possibly out of bounds */ return d[0];}
fun(0) ➙ 3.14fun(1) ➙ 3.14fun(2) ➙ 3.1399998664856fun(3) ➙ 2.00000061035156fun(4) ➙ 3.14, then segmentation fault
Result is architecture specific I execute up to fun(11) on my Core 2 Duo Mac
Carnegie Mellon
Memory Referencing Bug Example
double fun(int i){ volatile double d[1] = {3.14}; volatile long int a[2]; a[i] = 1073741824; /* Possibly out of bounds */ return d[0];}
fun(0) ➙ 3.14fun(1) ➙ 3.14fun(2) ➙ 3.1399998664856fun(3) ➙ 2.00000061035156fun(4) ➙ 3.14, then segmentation fault
Location accessed by fun(i)
Explanation: Saved State 4
d7 ... d4 3
d3 ... d0 2
a[1] 1
a[0] 0
Carnegie Mellon
Memory Referencing Errors
C and C++ do not provide any memory protection Out of bounds array references Invalid pointer values Abuses of malloc/free
Can lead to nasty bugs Whether or not bug has any effect depends on system and compiler Action at a distance
Corrupted object logically unrelated to one being accessed Effect of bug may be first observed long after it is generated
How can I deal with this? Program in Java, Ruby or ML Understand what possible interactions may occur Use or develop tools to detect referencing errors
Carnegie Mellon
Memory System Performance Example
Hierarchical memory organization Performance depends on access patterns
Including how step through multi-dimensional array
void copyji(int src[2048][2048], int dst[2048][2048]){ int i,j; for (j = 0; j < 2048; j++) for (i = 0; i < 2048; i++) dst[i][j] = src[i][j];}
void copyij(int src[2048][2048], int dst[2048][2048]){ int i,j; for (i = 0; i < 2048; i++) for (j = 0; j < 2048; j++) dst[i][j] = src[i][j];}
21 times slower(Pentium 4)
Carnegie Mellon
The Memory Mountain
s1
s3
s5
s7
s9
s11
s13
s15
8m
2m 512k 12
8k 32k 8k
2k
0
200
400
600
800
1000
1200
Read throughput (MB/s)
Stride (words) Working set size (bytes)
Pentium III Xeon550 MHz16 KB on-chip L1 d-cache16 KB on-chip L1 i-cache512 KB off-chip unifiedL2 cache
L1
L2
Mem
Carnegie Mellon
Great Reality #4: There’s more to performance than asymptotic complexity
Constant factors matter too! And even exact op count does not predict
performance Easily see 10:1 performance range depending on how code written Must optimize at multiple levels: algorithm, data representations,
procedures, and loops Must understand system to optimize performance
How programs compiled and executed How to measure program performance and identify bottlenecks How to improve performance without destroying code modularity and
generality
Carnegie Mellon
Example Matrix Multiplication
Standard desktop computer, vendor compiler, using optimization flags
Both implementations have exactly the same operations count (2n3) What is going on?
Matrix-Matrix Multiplication (MMM) on 2 x Core 2 Duo 3 GHz (double precision)Gflop/s
160x
Triple loop
Best code (K. Goto)
Carnegie Mellon
MMM Plot: Analysis
Matrix-Matrix Multiplication (MMM) on 2 x Core 2 Duo 3 GHzGflop/s
Memory hierarchy and other optimizations: 20x
Vector instructions: 4x
Multiple threads: 4x
Reason for 20x: Blocking or tiling, loop unrolling, array scalarization, instruction scheduling, search to find best choice
Effect: less register spills, less L1/L2 cache misses, less TLB misses
Carnegie Mellon
Great Reality #5:Computers do more than execute programs They need to get data in and out
I/O system critical to program reliability and performance
They communicate with each other over networks Many system-level issues arise in presence of network
Concurrent operations by autonomous processes Coping with unreliable media Cross platform compatibility Complex performance issues
Carnegie Mellon
Role within CS/ECE Curriculum
CS 410OperatingSystems
CS 410OperatingSystems
CS 411CompilersCS 411Compilers
ProcessesMem. Mgmt
CS 441NetworksCS 441Networks
NetworkProtocols
ECE 447ArchitectureECE 447Architecture
ECE 349EmbeddedSystems
ECE 349EmbeddedSystems
CS 412OS PracticumCS 412OS Practicum
CS 123C ProgrammingCS 123C Programming
CS 415DatabasesCS 415Databases
Data Reps.Memory Model
ECE 340DigitalComputation
ECE 340DigitalComputation
MachineCode Arithmetic
ECE 348EmbeddedSystem Eng.
ECE 348EmbeddedSystem Eng.
Foundation of Computer SystemsUnderlying principles for hardware, software, and networking
Execution ModelMemory System
CS 213ECE 243CS 213
ECE 243
ECE 545/549CapstoneECE 545/549Capstone
Carnegie Mellon
Course Perspective
Most Systems Courses are Builder-Centric Computer Architecture
Design pipelined processor in Verilog Operating Systems
Implement large portions of operating system Compilers
Write compiler for simple language Networking
Implement and simulate network protocols
Carnegie Mellon
Course Perspective (Cont.)
Our Course is Programmer-Centric Purpose is to show how by knowing more about the underlying system,
one can be more effective as a programmer Enable you to
Write programs that are more reliable and efficient Incorporate features that require hooks into OS
– E.g., concurrency, signal handlers Not just a course for dedicated hackers
We bring out the hidden hacker in everyone Cover material in this course that you won’t see elsewhere
Carnegie Mellon
Course Components
Lectures Higher level concepts
Recitations Applied concepts, important tools and skills for labs, clarification of
lectures, exam coverage Labs (7)
The heart of the course 1-2 weeks each Provide in-depth understanding of an aspect of systems Programming and measurement
Exams (2) Test your understanding of concepts & mathematical principles
Carnegie Mellon
Programs and Data
Topics Bits operations, arithmetic, assembly language programs Representation of C control and data structures Includes aspects of architecture and compilers
Assignments L1 (datalab): Manipulating bits L2 (bomblab): Defusing a binary bomb L3 (buflab): Hacking a buffer bomb
Carnegie Mellon
The Memory Hierarchy
Topics Memory technology, memory hierarchy, caches, disks, locality Includes aspects of architecture and OS
Carnegie Mellon
Performance
Topics Co-optimization (control and data), measuring time on a computer Includes aspects of architecture, compilers, and OS
Assignments L4 (cachelab): Build cache simulator, optimize matrix operations
Carnegie Mellon
Exceptional Control Flow
Topics Hardware exceptions, processes, process control, Unix signals,
nonlocal jumps Includes aspects of compilers, OS, and architecture
Assignments L5 (tshlab): Writing your own shell with job control
Carnegie Mellon
Virtual Memory
Topics Virtual memory, address translation, dynamic storage allocation Includes aspects of architecture and OS
Assignments L6 (malloclab): Writing your own malloc package
Get a real feel for systems programming
Carnegie Mellon
Networking, and Concurrency
Topics High level and low-level I/O, network programming Internet services, Web servers concurrency, concurrent server design, threads I/O multiplexing with select Includes aspects of networking, OS, and architecture
Assignments L7 (proxylab): Writing your own Web proxy
Carnegie Mellon
Have Fun!